Rogue DHCP Server Detector

From Association for Computing Machinery

This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in rogueDHCP.conf) and examines DHCP replies. If it notices a DHCP reply from an Ethernet address that is not in its known list of DHCP servers (also configured in rogueDHCP.conf), it informs the user of the situation by printing a message, along with some of the DHCP options in the DHCP reply, to standard output. The DHCP options that are printed if found in the DHCP reply are:

DHCP message type

Server identifier

Address lease time

Subnet mask

Broadcast address

Router

Domain name

Domain name servers

The code is C/C++ and aims to be compact, requiring libpcap as the only third-party library. It has been tested with GCC 4.2 and 4.3, on FreeBSD and GNU/Linux, and on 32- and 64-bit and little- and big-endian processors.
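The check described above can be sketched as follows. This is an added example, not the project's own code: it works on a raw frame buffer instead of a libpcap capture, and the names check_dhcp_reply, build_sample_offer and struct dhcp_info are hypothetical. It assumes untagged Ethernet II and unfragmented IPv4; the sample frame, its MAC addresses and 192.0.2.1 are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct dhcp_info { uint8_t msg_type; uint8_t server_id[4]; uint32_t lease_secs; };

/* Returns -1 if the frame is not a well-formed DHCP reply, 0 if its source
 * MAC is in known[], 1 if it is not (a possible rogue server). */
int check_dhcp_reply(const uint8_t *f, size_t len, const uint8_t known[][6],
                     size_t nknown, struct dhcp_info *out)
{
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1; /* IPv4 only */
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;
    if ((f[14] >> 4) != 4 || ihl < 20 || f[23] != 17) return -1;    /* UDP only */
    size_t udp = 14 + ihl, bootp = udp + 8, opt = bootp + 240;
    if (len < opt || f[udp] != 0 || f[udp + 1] != 67) return -1;    /* from port 67 */
    if (f[bootp] != 2) return -1;                                   /* op 2 = BOOTREPLY */
    if (memcmp(f + bootp + 236, "\x63\x82\x53\x63", 4) != 0) return -1; /* DHCP cookie */
    memset(out, 0, sizeof *out);
    while (opt < len && f[opt] != 255) {                            /* 255 = end */
        if (f[opt] == 0) { opt++; continue; }                       /* 0 = pad */
        if (opt + 2 > len || opt + 2 + f[opt + 1] > len) return -1; /* truncated option */
        const uint8_t *v = f + opt + 2;
        uint8_t code = f[opt], n = f[opt + 1];
        if (code == 53 && n == 1) out->msg_type = v[0];             /* message type */
        if (code == 54 && n == 4) memcpy(out->server_id, v, 4);     /* server identifier */
        if (code == 51 && n == 4)                                   /* lease time, big-endian */
            out->lease_secs = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 | (uint32_t)v[2] << 8 | v[3];
        opt += 2 + n;
    }
    for (size_t i = 0; i < nknown; i++)                             /* allowlist by source MAC */
        if (memcmp(f + 6, known[i], 6) == 0) return 0;
    return 1;
}

/* Constructed sample: a minimal DHCPOFFER frame sent from src_mac; returns its length. */
size_t build_sample_offer(uint8_t *buf, const uint8_t src_mac[6])
{
    static const uint8_t opts[] = { 53, 1, 2,  54, 4, 192, 0, 2, 1,
                                    51, 4, 0, 0, 0x0e, 0x10,  255 };
    memset(buf, 0, 282 + sizeof opts);
    memset(buf, 0xff, 6);                    /* broadcast destination */
    memcpy(buf + 6, src_mac, 6);
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = 17;   /* IPv4, IHL 5, UDP */
    buf[35] = 67; buf[37] = 68;              /* UDP 67 -> 68 */
    buf[42] = 2;                             /* BOOTREPLY */
    memcpy(buf + 278, "\x63\x82\x53\x63", 4);
    memcpy(buf + 282, opts, sizeof opts);
    return 282 + sizeof opts;
}
```

The source Ethernet address is trivially spoofable, so a match against the known list only shows that the reply claims to come from a listed server.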